Why Companies Should View Cloud Services as a Utility
In the past seven years we've seen a seismic shift in the way organizations have structured IT needs to leverage cloud technology. It's enabled faster deployment, more efficient maintenance through automation, and the ability to quickly navigate the changing security landscape with near-constant updates. But even with the clear benefits of cloud services, many organizations continue to feel plagued by nagging concerns around the reliability, security and privacy of their data.
The U.S. Federal Government is well aware of the benefits and risks of the cloud, as more and more government services become reliant on the cloud to maximize efficiency and streamline processes. To better safeguard against security and privacy risks, the government took a page out of the types of standards it creates for public utilities or new technologies, and developed specific standards to ensure its cloud-services providers meet the highest level of security without compromising service.
Approaching cloud-service standards like a utility is based on past success. Take the railroad industry for example. After the Civil War, railroads saw an increase in both traffic and job-related fatalities of railroad workers, forcing the government to enact a set safety standard for all railroad companies in an effort to protect the workers. In another example, electricity needed government standards for many reasons beyond corruption and the designation as an "essential service," and the standards helped protect public interest, reduce duplication of resources, and increased the grid's reliability. The utility model overall improved reliability, safety and performance, leading to wider acceptance, usage, and economies of scale and savings.
Stringent standards, like those imposed by the U.S. government, heralds the arrival of more secure and reliable cloud-services and helps address security concerns from organizations considering the cloud. In 2011 the government assigned its scientists and technologists at the National Institute of Science and Technology (NIST) to develop criteria to ensure its cloud-services providers meet the highest standards of security and reliability and adequately safeguard the government's departmental and agency data, while maintaining authorized accessibility and high availability in the cloud. The resulting Federal Risk and Authorization Management Program (FedRAMP) standard mandates compliance with 328 requirements and involves an intensive auditing process that can easily take years to complete.
While the high standards and rigors of such a process results in a rather short list of authorized providers, having recourse to a vetted provider results in immense savings of time, duplication of effort, tax-payer dollars and peace of mind. FedRAMP certification is also a big win for cloud-service provides because approval from one agency means approval for all agencies on the federal level, opening the door for standardization on their platform. The FedRAMP standard also has implications for other sectors of the economy. For example, the broad and overarching authority of FedRAMP certification extends even over the already established digital security measures in place in the financial services industries (GLBA) and those in the healthcare industries (HIPAA), which can now be viewed as, for all intents and purposes, subsets of the security controls implemented by FedRAMP. Now, businesses and organizations in sectors other than government can leverage technology with the highest standards to host and manage their digital experiences.
The age of secure and reliable cloud services has begun, so just as the government did with FedRAMP and many other utilities in the past, organizations should evaluate and develop their own set of standards for their cloud-services providers in an effort to ensure the highest level of reliability, security and privacy for their companies and customers.
